Please use this identifier to cite or link to this item:
The Supervision and Management of Banking Outsourcing
Outsourcing arrangements can help banks manage costs, obtain necessary expertise, expand customer product offerings, and improve services. While outsourcing to affiliated or nonaffiliated entities, it also introduces risks that financial institutions should address.
On supervising or managing outsourced activities of bank, regulator and bank should focus on the board of directors and senior management are responsible for understanding the risks associated with outsourcing arrangements and ensuring that effective risk management practices are in place. Once the bank has completed its risk assessment, management should evaluate service providers to determine their ability, both operationally and financially, to meet the institution’s needs. Contracts should be clearly written and sufficiently detailed to provide assurances for performance, reliability, security, confidentiality, and reporting. Banks should implement an oversight program to monitor each service provider’s controls, condition, and performance.
On offshore outsourcing, the bank should conduct adequate due diligence, manage risks appropriately, comply with applicable laws, and ensure access to critical information with respect to the services being provided by a foreign-based third party. Examination focus should be on the results of the bank’s due diligence, risk assessment, and ongoing oversight program as well as the internal and/or external audits arranged by the service provider or the bank. If warranted, the regulator may examine a bank’s outsourcing arrangement with a foreign-based service provider. If the provider is a regulated entity, then the regulator may arrange through the appropriate foreign supervisor(s) to obtain information related to the services provided to the bank, if significant risk issues emerge, to examine those services.
Work traditionally carried out by internal auditors of the bank is now done by independent public accounting firms and other outside professionals on audit outsourcing arrangement. However, potential conflicts of interest may arise if the outsourced auditing firm performs audit functions in addition to other audit services, such as providing the independent financial statement. To avoid this, accounting firms and other outside professionals should not act or appear to act in a capacity equivalent to a member of the client’s management or as a client employee.
On United States examination practice of outsourcing, key points of examination objectives are that determine the appropriate scope for the examination, evaluate the quantity of risk present from the institution’s outsourcing arrangements, evaluate the quality of risk management, discuss corrective action and communicate findings, determine requirements definition, due diligence, service contract, and monitoring service provider relationship(s).
周樹林（2006a），〈美國資訊委外服務市場發展趨勢〉，2007/1/5 retrieved from http://www.cpro.com.tw.
周樹林（2006b），〈Offshore資訊委外服務市場前瞻〉，2007/1/5 retrieved from http://www.cpro.com.tw.
American Society Radiologic Technologists (2005), Supplier Program.
Aldhizer III, G. R., J. D. Cashell, and D. R. Martin (1996), “ Internal Audit Outsourcing,” CPA Journal, October. 2006/9/3 retrieved from http://www.nysscpa.org/ cpajournal/ 1996/ 1096/ features/ Outsourcing.htm.
Audrain, S. C. and K. Proctor (2004), “Managing Vendor Risk: Using Effective Service Level Agreements,” 2007/5/3 retrieved from http://www.brintech.com/Knowledge_Center/PDF.
BaFin (2001), “Outsourcing of Operational Areas to Another Enterprise Pursuant to Section 25a (2) of the Banking Act,” November. 2006/12/9 retrieved from http://www.bafin.de/rundschreiben/93_2001/rs11_01en.htm.
Bartels, A. and A. Parker (2006), “ Teleconference European IT Spending Forecast, 2006-2007,” 2007/5/3 retrieved from http://www.forrester.com/Events/Content/0,5180,-1432,00.ppt
Basel Committee on Banking Supervision (2005), “Outsourcing in Financial Services,” Basel Report, February, pp. 1-22.
Bonnette, C. A. (2001), “Managing Technology Risk When You Outsource,” 2006/9/3 retrieved from http://www.bankersonline.com.
Committee of European Banking Supervisors (2006), “Standards on Outsourcing,” Consultation Paper, April, pp. 1-13.
Eastwood, G. (2004), The Financial Services Outsourcing Outlook: Fast Growth Markets,Opportunities and Competitive Strategies. Monaca: Business Insights.
FDIC (2004), Offshore Outsourcing of Data Services by Insured Institutions and Associated Consumer Privacy Risks.
FDIC (2001a), “Effective Practices for Selecting a Service Provider,” June 4, pp. 1-5.
FDIC (2001b), “Tools to Manage Technology Providers’ Performance Risk: Service Level Agreements,” June 4, pp. 1-7.
FDIC (2001c), “Techniques for Managing Multiple Service Providers,” June 4, pp. 1-4.
Federal Reserve Board (2001), Standards for Safegarding Customer Information, SR 01-15.
Federal Reserve Board (2000a), Outsourcing of Information and Transaction Processing, SR 00-4.
Federal Reserve Board (2000b), Information Technology Examination Frequency, SR 00-3.
Federal Reserve Board (1998), Assessment of Information Technology in the Risk-Focused Frameworks for the Supervision of Community Banks and Large Complex Banking Organizations, SR 98-9.
FFIEC (2004), Information Technology Examination Handbook (updated).
FFIEC (2000), “Risk Management of Outsourced Technology Services,” September 28, pp. 1-15.
FRB, FDIC, OCC, and OTS (2003), Interagency Policy Statement on the Internal Audit Function and Its Outsourcing.
FSA (2007a), Interim Prudential Sourcebook for Banks (revised).
FSA (2007b), “Operational Risk: Systems and Controls ,” Senior Management Arrangements, Systems and Controls, May, Section 8/ Section 13 (revised).
FSA (2007c), Supervision.
FSA (2005), Senior Management Arrangements, Systems and Controls.
FSA (2001a), Interim Prudential Sourcebook for Banks.
FSA (2001b), Regulatory Processes Manuals (Authorisation, Supervision, Enforcement and Decision Making) and Threshold Conditions.
FSA (2001c), Integrated Prudential Sourcebook.
Hallett, K. V. and H. R. Stastney (2003), “Regulators Issue Joint Policy Statement on Internal Audit Outsourcing,” 2006/9/3 retrieved from http://library.findlaw.com/2003/May/1/132902.html.
Matsumoto, S. (2006), Japan IT Outsourcing 2006-2010 Forecast Update. Framingham: IDC.
McPherson, A., S. Yadav, and R. Ravi (2006), U.S. Financial Services Payments Business Process Outsourcing 2006-2010 Spending Forecast and Analysis. Framingham: IDC.
Minton, S., J. Orozco, and A. Toncheva (2006), Asia/Pacific (Excluding Japan) IT Outsourcing 2006-2010 Forecast and Analysis. Framingham: IDC.
Monetary Authority of Singapore (2005), “ Guidelines of Outsourcing,” 2007/5/1 retrieved from http://www.mas.gov.sg.
OCC (2003), Internal and External Audits.
OCC (2002), Bank Use of Foreign-Based Third-Part Service Providers: Risk Management Principles, OCC 2002-16.
OCC (2001), Third-Party Relationships: Risk Management Principles, OCC 2001-47.
OTS (2004), “Oversight by the Board of Directors,” Thrift Activities Regulatory Handbook , November, Section 310.
Outsourcing Institute (2002), Fifth Annual Outsourcing Index.
PricewaterhouseCoopers (2005), “Internal Audit Services Outsourcing,” 2006/10/17 retrieved from http://www.pwcglobal.com.
Shankar, V. (2006), “A Compendium of Case Studies,” Bank Outsourcing Management, 1:3, pp. 1-8.
Takahashi, S., E. Davis, A. Parker, and O. King (2006), “European Business Process Outsourcing Spending Forecast: 2006 to 2011,” 2007/5/3 retrieved from http://www.forrester.com/Research/Document/Excerpt/0,7211,39384,00.html
Willcocks, L. P. and M. C. Lacity (1999), “ IT Outsourcing in Insurance Services: Risk, Creative Contracting and Business Advantage,” Information Systems Journal, July, pp. 163-180.
|Source URI: ||http://thesis.lib.nccu.edu.tw/record/#G0929210492|
|Data Type: ||thesis|
|Appears in Collections:||[行政管理碩士學程(MEPA)] 學位論文|
Files in This Item:
All items in 政大典藏 are protected by copyright, with all rights reserved.